Lucky me!
Apart from the rootkit problem I have on my Packardbell-desktop, a laptop computer I’m taking care of shows almost the same behaviour. This time it’s an Acer Aspire 3000 machine.
AMD Sempron 3000+ 1,80 GHz
512 Mb DDR
Windows XP Home SP3 (OEM)
Avast Home 4.8.1296
ZoneAlarm firewall
Lavasoft anti-spyware
After updating from 4.8.1229 to 4.8.1296 I did an on-demand scan, which again reported multiple rootkits using the heuristic scan method. After choosing the “delete” option, Avast advises a boot-scan, which doesn’t find any problem.
I also scanned with:
-Avast anti-rootkit (also in advanced mode)
-F-Secure BlackLight
-Trend Micro RootkitBuster
-Symantec security-check
-Bitdefender online-scan
None of them finds any problem.
I think the suspected files are again not sent to the Alwil lab because the Avast-log reports: “Internal error has occurred in module bas Encode File To submit failed”.
I think these detected rootkits are false positives again. Comparing the Avast-log of the Packardbell-desktop and the Acer-laptop, there are some resemblances in folders affected:
(files differ as far as I can see)
C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3
C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\
Folders both on Packardbell-desktop and Acer-laptop:
(some files differ, some the same)
C:\WINDOWS\assembly\GAC_MSIL\
C:\WINDOWS\assembly\GAC_32
Only on the Acer-laptop, files from:
C:\WINDOWS\system32\autorun\acer.ico
C:\WINDOWS\system32\spoolss.dll\prtprocs
C:\WINDOWS\system32\spoolss.dll\XPSEP\amd64
C:\WINDOWS\system32\spoolss.dll\XPSEP\i386
C:\WINDOWS\system.ini\
C:\WINDOWS\ie7_main.log\
Complete log report again too big to post.
Hope it helps. Merry Christmas.
Art